Tag: Cloud Security

If you’re already on the Slack bandwagon, then you have probably experienced first-hand how it can make communications between teams far simpler and more streamlined. With 1.7 million daily active users, it’s clear Slack has come to dominate the team chat world, especially in tech and tech-savvy industries.

From a security perspective, Slack has done a solid job of keeping its assets on lock. In 2016, they scored Geoff Belknap from Palantir to become chief security officer. And they have been pretty transparent about their approach to security. They have dedicated a whole section of their website to it and published interviews with Belknap and others that delve into Slack’s precautions and philosophy around security. Belknap says, “My job is to worry. Professionally. So that our customers don’t have to.” We love that attitude!

The company has also gone to the trouble of certifying many of its products to meet stringent compliance regulations like FINRA, HIPAA, and SOC 2 and 3, which makes it a no-brainer for small teams and enterprises alike.

So, we feel that it’s perfectly possible for companies of all shapes and sizes to lean on Slack for team chat and ops without worrying too much about security. But, we also believe in the shared responsibility model when it comes to any form of online security. No one’s perfect, and Slack’s ubiquity and popularity mean that it will always be a target for cybercriminals looking to steal information.

There’s no need to run scared, but you do need to be smart about how you use this valuable tool. Here are our tips for running Slack securely at your organization.

We’ve written before about what it means to meet compliance standards without going completely overboard. Today, we want to talk about how that applies to cloud security as well. Some teams mistakenly believe that their security posture needs to be absolutely perfect. That’s not only overwhelming — it’s impossible.

More to the point, the reality of today’s security landscape is that cybercriminals are always looking for the path of least resistance. If company A has reasonably good security safeguards in place and company B does not, criminals aren’t going to waste resources poking at company A until they find a weakness. They’ll go after company B.

This is why we tell organizations that, when it comes to security, perfect can often be the enemy of good. Rather than trying to make your organization perfectly airtight, it’s time to focus on making your company as unappealing an attack target as possible. Here’s how.

Security can be a huge sales and business enabler, as I’ve mentioned before. If your company and its prospective customers are in a regulated industry — and even if they’re not — you can bet they’re going to ask about your security posture during the sales process. For a number of reasons (including the many high-profile security breaches over the last few years), sales prospects are more aware of risks to their data than ever before. Naturally, they are upping the security requirements for doing business with vendors and partners alike.

Investing in SecOps doesn’t just mean hiring folks who know how to blend together software development, IT operations, and security skillsets. It also doesn’t just mean telling your DevOps team to run secure or scolding your security team into moving fast enough to keep up with continuous deployment.

Truly committing to SecOps means investing in tools that can do double (or triple) duty — helping you not only release code continuously but ensure that everything from your back-end infrastructure to your customer-facing applications is 100% secure. It means investing in tools that make meeting both DevOps and security best practices simple and straightforward.

As DevOps expands to include more security functions and security evolves to be more agile, it’s never been more important (or economical) to be able to use operational tools for security and security tools for operations. DevOps teams want software that can integrate critical functions of security, like alerting, directly into their current processes. Security teams want tools that let them seamlessly interact with DevOps.

This post offers valuable tips on how to easily assess how well your AWS environment is configured using Configuration Auditing. So, let’s get started…

What is a Cloud Security Baseline?

The phrase is bandied about a lot, so let’s get to it: What is a security baseline?

One of the problems that many organizations run into, especially when they are starting out in cloud security, is not knowing where to start and not having specific data to help them define and improve the status of their cloud security.

That’s where a baseline proves critical. CERN Computer Security defines a security baseline as “a set of basic security objectives which must be met by any given service or system.”

If you put this in the context of cloud security, a baseline will show you how closely a snapshot of your current cloud environment conforms to industry best practices and benchmarks.

It’s easy to get distracted by splashy headlines about breaches at corporations with household names. And of course state-sponsored, targeted cyberattacks are sexier than your average phishing scam. But just because a particular threat is newsworthy doesn’t mean it’s the right thing to spend your organization’s valuable resources protecting against.

More and more companies are migrating to the cloud — and for good reason considering the many benefits such as speed, flexibility, and reduced costs.

One of the key questions that always comes up in this transition centers on cloud security. Not so much in the form of “Is the cloud secure?” but more in terms of “What is your company doing to make sure its infrastructure is secure?”

In the best scenario, companies include a cloud security service in their business plan on day one. In the worst case, they limp along for years without a strategically planned, comprehensive security roadmap that will provide real protection for their IP, data, systems, customers, and reputation.

In both cases, these organizations have one thing in common: Regardless of how long they’ve been in business, they are at an early stage of cloud security maturity. They are just starting out on their cloud security journey.

Security maturity in the cloud is an important topic lately, from evolving security with existing DevOps practices, to automating security across your infrastructure, to getting the information you need to piece together what occurred when there is a security incident.